| clarkb | the tasks are running in the context of hostA but want to lookup hostB facts | 00:00 |
|---|---|---|
| clarkb | I think the way you address this is with an explicit task early in the playbook to explicitly load facts for hostB | 00:00 |
| clarkb | mordred and pabelanger may remember running into this. I want to say for zuul base jobs? | 00:00 |
| ianw | hrm, why would it sometimes work and sometimes not ...? | 00:00 |
| clarkb | because it is a race between setup on hostB and starting the tasks that need the info on hostA | 00:01 |
| clarkb | (though this is somewhat fuzzy memory so I may have gotten the details wrong0 | 00:01 |
| clarkb | fwiw I've made a note to double check zm01.opendev.org has successfully cloned nova or openstack manuals tomorrow before doing widespread replacements | 00:13 |
| clarkb | as I think that is likeyl to be the only issue we'll run into at this point | 00:13 |
| clarkb | and if it was able to successfully grab nova we should be good to replace all the zms | 00:13 |
| openstackgerrit | Merged opendev/system-config master: Use dstat to record performance of system-config-run hosts https://review.opendev.org/c/opendev/system-config/+/775051 | 00:14 |
| clarkb | yay | 00:14 |
| *** brinzhang_ has quit IRC | 00:14 | |
| *** brinzhang has joined #opendev | 00:14 | |
| openstackgerrit | Steve Baker proposed openstack/diskimage-builder master: Don't install centos-linux-release on 8-stream https://review.opendev.org/c/openstack/diskimage-builder/+/777027 | 00:15 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: service-borg-backup: preload backup server facts https://review.opendev.org/c/opendev/system-config/+/777032 | 00:38 |
| clarkb | new zm01 cloned neutron without trouble and that is the third largest repo iirc | 00:38 |
| ianw | clarkb: ^ not sure how it sometimes works and sometimes doesn't ... is that ~ what you were thinking? | 00:38 |
| *** tosky has quit IRC | 00:38 | |
| clarkb | yes, though now I need to reread how the setup mdoule works | 00:39 |
| clarkb | !all means min | 00:40 |
| openstack | clarkb: Error: "all" is not a valid command. | 00:40 |
| ianw | yeah, i tested that and it seems to return ssh key facts | 00:40 |
| clarkb | yup looks correct to me +2 | 00:41 |
| *** _mlavalle_1 has quit IRC | 00:59 | |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: gitea: fix db backup script https://review.opendev.org/c/opendev/system-config/+/777037 | 01:04 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: translate: fix backup extras match https://review.opendev.org/c/opendev/system-config/+/777039 | 01:12 |
| ianw | fungi: ^ i feel like the system is working :) | 01:12 |
| *** ysandeep|away is now known as ysandeep|ruck | 01:14 | |
| fungi | ooh! | 01:15 |
| fungi | ianw: the commit message on 777039 says "_extras" (plural) but the change itself adds "_extra" (singular). ask.yaml uses borg_backup_excludes_extra and isn't erroring, so i'm going to assume the diff is correct | 01:20 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: service-borg-backup: preload backup server facts https://review.opendev.org/c/opendev/system-config/+/777032 | 01:22 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: gitea: fix db backup script https://review.opendev.org/c/opendev/system-config/+/777037 | 01:22 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: translate: fix backup extras match https://review.opendev.org/c/opendev/system-config/+/777039 | 01:22 |
| ianw | indeed | 01:22 |
| ianw | and gather_subset: should be a string, not a list in 777032 | 01:22 |
| *** hamalq has quit IRC | 01:26 | |
| fungi | ahh, and 777032 is the fix for the race you were discussing earlier | 01:28 |
| ianw | it's still not clear to me how this race occurs and why it's never hit in the gate, but i think it's generally more correct | 01:31 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: gitea: fix db backup script https://review.opendev.org/c/opendev/system-config/+/777037 | 02:00 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: translate: fix backup extras match https://review.opendev.org/c/opendev/system-config/+/777039 | 02:00 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: service-borg-backup: preload backup server facts https://review.opendev.org/c/opendev/system-config/+/777032 | 02:04 |
| *** stevebaker has quit IRC | 02:16 | |
| *** ysandeep|ruck has quit IRC | 02:18 | |
| *** ysandeep has joined #opendev | 02:19 | |
| openstackgerrit | Merged opendev/system-config master: translate: fix backup extras match https://review.opendev.org/c/opendev/system-config/+/777039 | 02:38 |
| *** ysandeep is now known as ysandeep|away | 02:48 | |
| openstackgerrit | Merged opendev/system-config master: service-borg-backup: preload backup server facts https://review.opendev.org/c/opendev/system-config/+/777032 | 03:21 |
| *** stevebaker has joined #opendev | 03:49 | |
| *** ysandeep|away is now known as ysandeep|ruck | 04:27 | |
| *** ykarel has joined #opendev | 04:36 | |
| openstackgerrit | Merged opendev/system-config master: Stop using mysqlclient ssl flag https://review.opendev.org/c/opendev/system-config/+/722405 | 05:00 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: gerrit: download latest mysql connector https://review.opendev.org/c/opendev/system-config/+/776857 | 05:29 |
| openstackgerrit | Ian Wienand proposed opendev/system-config master: [wip] gerrit : add mariadb_container option https://review.opendev.org/c/opendev/system-config/+/775961 | 05:29 |
| *** marios has joined #opendev | 06:00 | |
| *** slaweq_ has joined #opendev | 06:50 | |
| *** hashar has joined #opendev | 07:12 | |
| *** brinzhang has quit IRC | 07:13 | |
| *** ralonsoh has joined #opendev | 07:21 | |
| openstackgerrit | Merged opendev/system-config master: gitea: fix db backup script https://review.opendev.org/c/opendev/system-config/+/777037 | 07:23 |
| *** smcginnis has quit IRC | 07:30 | |
| *** smcginnis has joined #opendev | 07:30 | |
| *** ysandeep|ruck is now known as ysandeep|lunch | 07:35 | |
| *** eolivare has joined #opendev | 07:54 | |
| *** andrewbonney has joined #opendev | 08:06 | |
| *** fressi has joined #opendev | 08:08 | |
| *** rpittau|afk is now known as rpittau | 08:28 | |
| *** zoharm has joined #opendev | 08:30 | |
| *** ykarel_ has joined #opendev | 08:31 | |
| *** ykarel has quit IRC | 08:33 | |
| *** ysandeep|lunch is now known as ysandeep|ruck | 08:39 | |
| *** tosky has joined #opendev | 08:50 | |
| *** jpena|off is now known as jpena | 08:58 | |
| openstackgerrit | Pierre Riteau proposed opendev/irc-meetings master: Cancel weekly Blazar meeting https://review.opendev.org/c/opendev/irc-meetings/+/775784 | 09:01 |
| openstackgerrit | Guillaume Chauvel proposed opendev/system-config master: Increase autogenerated comment width to avoid line wrap https://review.opendev.org/c/opendev/system-config/+/771445 | 09:25 |
| openstackgerrit | Guillaume Chauvel proposed opendev/system-config master: [DNM] test comment width: review without autogenerated tag https://review.opendev.org/c/opendev/system-config/+/771798 | 09:25 |
| *** noonedeadpunk has quit IRC | 09:26 | |
| *** DSpider has joined #opendev | 09:26 | |
| *** noonedeadpunk has joined #opendev | 09:29 | |
| *** lpetrut has joined #opendev | 09:35 | |
| *** slaweq_ is now known as slaweq | 09:40 | |
| openstackgerrit | Merged openstack/diskimage-builder master: Don't install centos-linux-release on 8-stream https://review.opendev.org/c/openstack/diskimage-builder/+/777027 | 09:56 |
| openstackgerrit | Oleksandr Kozachenko proposed zuul/zuul-jobs master: Revert "Revert "Update upload-logs roles to support endpoint override"" https://review.opendev.org/c/zuul/zuul-jobs/+/776677 | 10:18 |
| *** ykarel_ is now known as ykarel | 10:20 | |
| openstackgerrit | Oleksandr Kozachenko proposed zuul/zuul-jobs master: Revert "Revert "Update upload-logs roles to support endpoint override"" https://review.opendev.org/c/zuul/zuul-jobs/+/776677 | 10:21 |
| openstackgerrit | Oleksandr Kozachenko proposed opendev/base-jobs master: Update post-logs playbook https://review.opendev.org/c/opendev/base-jobs/+/777087 | 10:25 |
| openstackgerrit | Guillaume Chauvel proposed opendev/system-config master: Increase autogenerated comment width to avoid line wrap https://review.opendev.org/c/opendev/system-config/+/771445 | 10:46 |
| *** rpittau is now known as rpittau|bbl | 11:00 | |
| *** iurygregory_ has joined #opendev | 11:00 | |
| *** iurygregory has quit IRC | 11:01 | |
| *** dtantsur|afk is now known as dtantsur | 11:03 | |
| *** iurygregory_ is now known as iurygregory | 11:06 | |
| *** smcginnis has quit IRC | 11:19 | |
| *** smcginnis has joined #opendev | 11:26 | |
| openstackgerrit | Martin Chacon Piza proposed openstack/project-config master: Deprecate monasca-log-api https://review.opendev.org/c/openstack/project-config/+/777093 | 11:39 |
| *** brinzhang has joined #opendev | 11:43 | |
| openstackgerrit | Martin Chacon Piza proposed openstack/project-config master: Deprecate monasca-ceilometer https://review.opendev.org/c/openstack/project-config/+/777095 | 11:43 |
| *** brinzhang has quit IRC | 11:45 | |
| *** hashar is now known as hasharLunch | 11:57 | |
| *** smcginnis has quit IRC | 12:01 | |
| *** mrunge_ has joined #opendev | 12:01 | |
| *** mrunge has quit IRC | 12:02 | |
| *** smcginnis has joined #opendev | 12:07 | |
| *** jpena is now known as jpena|lunch | 12:30 | |
| *** mrunge_ is now known as mrunge | 12:36 | |
| openstackgerrit | Merged opendev/irc-meetings master: Cancel weekly Blazar meeting https://review.opendev.org/c/opendev/irc-meetings/+/775784 | 12:47 |
| *** rpittau|bbl is now known as rpittau | 13:01 | |
| *** jpena|lunch is now known as jpena | 13:33 | |
| *** zimmerry has quit IRC | 13:43 | |
| *** mlavalle has joined #opendev | 13:58 | |
| *** zimmerry has joined #opendev | 14:02 | |
| *** fressi has quit IRC | 14:06 | |
| *** fressi has joined #opendev | 14:07 | |
| *** fressi has quit IRC | 14:08 | |
| *** fressi has joined #opendev | 14:10 | |
| *** ysandeep|ruck is now known as ysandeep|dinner | 14:51 | |
| *** ykarel has quit IRC | 14:59 | |
| *** fressi has quit IRC | 15:11 | |
| *** ysandeep|dinner is now known as ysandeep|ruck | 15:25 | |
| clarkb | zm01.opendev.org did clone nova and appears to have done so successfully. It took about 7 minutes | 15:44 |
| clarkb | I think that means we're good to proceed with replacing the rest of the mergers. I will work on that after meetings today | 15:44 |
| clarkb | also I guess I can go ahead and clean up zm01.openstack.org. I'll try to get that done between meetings | 15:48 |
| fungi | 7 minutes sounds about right. we used to timeout those operations at 300 and doubled it to 600 to cope with the performance change after upgrade | 15:51 |
| *** sshnaidm is now known as sshnaidm|afk | 16:04 | |
| *** hasharLunch is now known as hashar | 16:22 | |
| *** lpetrut has quit IRC | 16:32 | |
| *** _mlavalle_1 has joined #opendev | 16:39 | |
| *** _mlavalle_1 has quit IRC | 16:41 | |
| *** mlavalle has quit IRC | 16:43 | |
| *** zimmerry has quit IRC | 16:44 | |
| *** zoharm has quit IRC | 16:47 | |
| *** klonn has joined #opendev | 16:50 | |
| *** klonn has quit IRC | 16:50 | |
| *** ysandeep|ruck is now known as ysandeep|away | 17:21 | |
| *** marios is now known as marios|out | 17:24 | |
| *** zimmerry has joined #opendev | 17:35 | |
| *** zimmerry has quit IRC | 17:40 | |
| *** rpittau is now known as rpittau|afk | 17:41 | |
| *** marios|out has quit IRC | 17:43 | |
| clarkb | fungi: are you ok with deleting zm01.openstack.org 0dad8f01-389c-40f2-8796-57ee4901ce07 now? | 17:48 |
| clarkb | if so I'll get that done shortly | 17:48 |
| fungi | clarkb: yep, looks entirely idle, go for it | 17:50 |
| *** zimmerry has joined #opendev | 17:53 | |
| *** zimmerry has quit IRC | 17:59 | |
| *** dtantsur is now known as dtantsur|afk | 18:00 | |
| clarkb | done | 18:01 |
| clarkb | #status log Deleted zm01.openstack.org 0dad8f01-389c-40f2-8796-57ee4901ce07 as it has been replaced by zm01.opendev.org | 18:01 |
| openstackstatus | clarkb: finished logging | 18:01 |
| *** jpena is now known as jpena|off | 18:02 | |
| *** zimmerry has joined #opendev | 18:03 | |
| *** zimmerry has quit IRC | 18:15 | |
| *** mlavalle has joined #opendev | 18:20 | |
| *** eolivare has quit IRC | 18:29 | |
| *** lpetrut has joined #opendev | 18:34 | |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Heat meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777184 | 18:36 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused I18n meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777185 | 18:37 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused LOCI meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777186 | 18:38 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Mistral meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777187 | 18:39 |
| *** lpetrut has quit IRC | 18:40 | |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Charms meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777188 | 18:49 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused PowerVM meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777190 | 18:50 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Public Cloud SIG meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777191 | 18:51 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Telemetry meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777192 | 18:51 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Vitrage meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777193 | 18:52 |
| openstackgerrit | Thierry Carrez proposed opendev/irc-meetings master: Remove usused Zaqar meeting slot https://review.opendev.org/c/opendev/irc-meetings/+/777194 | 18:53 |
| *** zimmerry has joined #opendev | 19:16 | |
| *** zimmerry has quit IRC | 19:16 | |
| *** zimmerry has joined #opendev | 19:17 | |
| *** hashar has quit IRC | 19:22 | |
| openstackgerrit | Merged openstack/project-config master: Deprecate monasca-ceilometer https://review.opendev.org/c/openstack/project-config/+/777095 | 19:25 |
| *** auristor has quit IRC | 19:28 | |
| openstackgerrit | Merged openstack/project-config master: Deprecate monasca-log-api https://review.opendev.org/c/openstack/project-config/+/777093 | 19:29 |
| *** andrewbonney has quit IRC | 19:34 | |
| *** zimmerry has quit IRC | 19:45 | |
| *** gmann is now known as gmann_lunch | 19:47 | |
| *** zimmerry has joined #opendev | 19:47 | |
| openstackgerrit | Clark Boylan proposed opendev/zone-opendev.org master: Add all the new zuul mergers to dns https://review.opendev.org/c/opendev/zone-opendev.org/+/777204 | 19:48 |
| openstackgerrit | Clark Boylan proposed opendev/system-config master: Replace all the zuul mergers with new focal nodes https://review.opendev.org/c/opendev/system-config/+/777205 | 19:49 |
| openstackgerrit | Clark Boylan proposed opendev/system-config master: Cleanup zm02-08.openstack.org https://review.opendev.org/c/opendev/system-config/+/777206 | 19:49 |
| clarkb | 206 has been marked WIP beacuse I think we want 205 in place first, turn off the mergers on the old ones, and ensure everything is happy then land 206 and delete the servers | 19:50 |
| clarkb | All 7 of those new servers are up and running. I think we can land https://review.opendev.org/c/opendev/zone-opendev.org/+/777204 and https://review.opendev.org/c/opendev/system-config/+/777205 whenever people are happy with them | 19:52 |
| iurygregory | clarkb, hey o/ while I was working on https://review.opendev.org/c/openstack/project-config/+/775244 a question was raised, do we need to copy-paste the definition of Backport-Candidate-label in every ACL or there is a definition of the label we should just re-use? | 19:55 |
| iurygregory | (not if here would be the right channel) =) | 19:56 |
| clarkb | iurygregory: the only labels we provide globally are code-review, verified, and approved | 19:56 |
| clarkb | any other backport candidates or review priority etc you have to define per acl you wish to use them in | 19:56 |
| clarkb | the trouble is that things like backports dont' make sense in all repos (not even within openstack) | 19:58 |
| fungi | anything we added centrally would end up inherited by every single project | 19:58 |
| fungi | we could do multi-layer inheritance (like we once did with the api-projects acl, i think?) but that would become a struggle to keep straight too | 19:58 |
| clarkb | ianw: fungi: I realized that I deleted zm01.openstack.org a bit early too. It should've been deleted after 777205 lands which removes it from the inventory | 20:00 |
| iurygregory | clarkb, gotcha thank you very much! | 20:00 |
| clarkb | but I think ansible should actually timeout the ssh connections when the host isn't there at all | 20:00 |
| clarkb | so its probably not urgent to land 777205 any quicker than we would normally | 20:00 |
| *** auristor has joined #opendev | 20:05 | |
| *** gmann_lunch is now known as gmann | 20:07 | |
| *** LowKey has quit IRC | 20:09 | |
| *** LowKey has joined #opendev | 20:09 | |
| ianw | fungi: so connecting up to the UI of a gerrit that has been started by tox | 20:23 |
| ianw | it is in development mode, the ui has "become" | 20:24 |
| ianw | but it doesn't have the admin user | 20:24 |
| fungi | ianw: that matches my experience with it, yes | 20:27 |
| fungi | and looking at the codepath, it seems to only avoid adding a default admin in dev mode if a query of the users table is nonempty | 20:27 |
| fungi | but we're not adding any users, so that shouldn't be the case | 20:28 |
| fungi | unless running gerrit a second time has a similar effect to preventing existence of the default admin | 20:28 |
| *** hamalq has joined #opendev | 20:30 | |
| clarkb | fungi: you downgraded your vote on https://review.opendev.org/c/opendev/system-config/+/777205 anything I should be looking at? or do you just want testing to complete first? | 20:44 |
| clarkb | also review on https://review.opendev.org/c/opendev/zone-opendev.org/+/777204 would be great too | 20:44 |
| fungi | clarkb: nope, alt+1 is my shortcut for +1 in gertty but also my keybinding for switching to the system buffer in weechat. i've accidentally done that more than once :/ | 20:48 |
| fungi | thanks for catching it | 20:48 |
| fungi | put back to +2 again | 20:48 |
| clarkb | ah yup I have xmonad mapped to use super instead of the default alt for similar reasons | 20:48 |
| fungi | i went ahead and approved the dns addition, it was just adding new non-colliding records and increasing the serial. cursory review of the records added seem to match what's proposed for addition to the inventory too | 20:50 |
| *** slaweq has quit IRC | 20:50 | |
| clarkb | thanks | 20:50 |
| clarkb | I'm about to pop out on a bike ride but if 205 gets approved I should be back to keep an eye on it well before itfinishes testing and zuul gets around to running the infra-prod job for zuul | 20:51 |
| openstackgerrit | Merged opendev/zone-opendev.org master: Add all the new zuul mergers to dns https://review.opendev.org/c/opendev/zone-opendev.org/+/777204 | 20:53 |
| *** knikolla has quit IRC | 21:11 | |
| *** knikolla has joined #opendev | 21:11 | |
| *** zaro has quit IRC | 21:11 | |
| *** zaro has joined #opendev | 21:13 | |
| *** zimmerry has quit IRC | 21:27 | |
| *** zimmerry has joined #opendev | 21:31 | |
| kopecmartin | ianw: hi, regarding the refstack and the missing 'api' part of the urls ... any chance, the urls were magically managed outside of the refstack server? by puppet or smth like that, I'm not exactly sure how the current one was exactly deployed | 21:36 |
| kopecmartin | i'm running the server also locally and none of the server options I experimented with seem to work, it's very strange | 21:36 |
| fungi | kopecmartin: it was/is apache mod_wsgi | 21:36 |
| ianw | kopecmartin: it's all ansible-ised ... whatever is on the test server we held should be the same as production | 21:37 |
| openstackgerrit | Kendall Nelson proposed openstack/project-config master: Add New Repo for StoryBoard-vue https://review.opendev.org/c/openstack/project-config/+/777244 | 21:38 |
| fungi | by "current one" i assumed the old/production puppeted refstack.openstack.org server | 21:38 |
| kopecmartin | fungi: yes | 21:39 |
| kopecmartin | I'll keep digging more into this pecan framework then | 21:39 |
| ianw | fungi: got it i think ... "We write out the ssh host key for gerrit's ssh server which for undocumented reasons forces gerrit init to download the bouncy castle libs". well the existence of that file also flips a "isNew" flag, which appears to make the site look like a not-fresh install, and prevents the admin user being created | 21:39 |
| ianw | i now get "RuntimeError: SSH key upload failed: <Response [400]> "Expected JSON object" | 21:40 |
| ianw | https://gerrit.googlesource.com/gerrit/+/44cd62ec1b2ef0b1d39e7d6048ae68b0091313ea/gerrit-server/src/main/java/com/google/gerrit/server/config/SitePaths.java#65 is the flag | 21:41 |
| ianw | school run ... bib | 21:42 |
| kopecmartin | ianw: that should be fixed by https://review.opendev.org/c/osf/refstack/+/776168 | 21:42 |
| fungi | ianw: aha! | 21:42 |
| fungi | ianw: thanks a ton, i didn't even consider that's what might be triggering it. i think i should be able to work around that | 21:43 |
| ianw | kopecmartin: if you down the container, docker-compose pull and restart it should pick that up on the test host? | 21:43 |
| fungi | it's possible that "undocumented reason" is also unnecessary in 2.13. i'll play around with it a bit | 21:43 |
| fungi | ianw: the json expectation is i think because of the content-type header being set, btw, i see zuul quickstart does text-plain to that method | 21:50 |
| fungi | testing that now | 21:50 |
| fungi | yay that works! | 21:51 |
| fungi | i mean, not completely, the test i'm trying now fails because `ssh -p 17030 admin@127.0.0.1 gerrit create-project --empty-commit --name test/test_project` returns "fatal: --name is not a valid option" but, progress! | 21:52 |
| fungi | gerrit create-project [NAME] [--] [--branch (-b) BRANCH] [--change-id [TRUE | FALSE | INHERIT]] [--content-merge [TRUE | FALSE | INHERIT]] [--contributor-agreements [TRUE | FALSE | INHERIT]] [--create-new-change-for-all-not-in-target (--ncfa)] [--description (-d) DESCRIPTION] [--empty-commit] [--help (-h)] [--max-object-size-limit VAL] [--new-change-for-all-not-in-target [TRUE | FALSE | INHERIT]] [--owner | 21:54 |
| fungi | (-o) GROUP] [--parent (-p) NAME] [--permissions-only] [--plugin-config VAL] [--reject-empty-commit [TRUE | FALSE | INHERIT]] [--require-change-id (--id)] [--signed-off-by [TRUE | FALSE | INHERIT]] [--submit-type (-t) [INHERIT | FAST_FORWARD_ONLY | MERGE_IF_NECESSARY | REBASE_IF_NECESSARY | REBASE_ALWAYS | MERGE_ALWAYS | CHERRY_PICK]] [--suggest-parents (-S)] [--trace] [--trace-id VAL] [--use-content-merge] | 21:54 |
| fungi | [--use-contributor-agreements (--ca)] [--use-signed-off-by (--so)] | 21:54 |
| fungi | er, sorry for the spam | 21:54 |
| fungi | i was going to comment on how the usage pattern for gerrit create-project is a bit complex, but i didn't realize it was quite that large | 21:55 |
| fungi | anyway, looks like --name was likely deprecated in favor of an unkeyed argument | 21:55 |
| fungi | yep, that fixed it | 21:59 |
| fungi | getting close | 21:59 |
| ianw | yay! | 22:05 |
| fungi | i think that's done it, but this was involved enough i want to break it up into a series of distinct changes | 22:06 |
| fungi | just so it's clear what's being altered in the testing | 22:07 |
| fungi | and for which reasons | 22:07 |
| fungi | basically it seems we can rip out the precreation of the ssh hostkeys | 22:08 |
| fungi | at least with 2.13, but maybe with 2.11 even | 22:08 |
| fungi | the addition of --dev to the init step is definitely necessary | 22:08 |
| fungi | the sed of the original auth type in the config file isn't needed though | 22:09 |
| fungi | changing to using the built-in admin account in dev mode for the tests rather than just for bootstrapping another admin user will simplify this a little bit | 22:10 |
| fungi | however 2.13 does itself require changes in a couple places for the new create-project cli syntax | 22:10 |
| fungi | full local tox run is still in progress but seems to be passing all tests so far | 22:11 |
| ianw | yep, i'd agree with all that after playing. 2.13 as a lower-bound for testing seems ok? | 22:11 |
| fungi | yeah, i mean we can't expect people to run tests locally if modern distros' openssh won't work with the version of gerrit we're using in the tests | 22:12 |
| fungi | but also it's blocking us from easily testing that this works with python 3.9 | 22:13 |
| ianw | yeah, i guess it won't work on fedora by default | 22:13 |
| fungi | git_review.tests.test_git_review.HttpGitReviewTestCase.test_git_review_d is failing with 2.13, looks like, so that may also need adjusting | 22:14 |
| fungi | if this is just down to a few failing tests though, i'm still thrilled. that's way better than failing 100% of tests before you spotted the problem | 22:15 |
| ianw | i didn't really get my point across in https://issues.apache.org/jira/browse/SSHD-1118 | 22:15 |
| fungi | :( | 22:15 |
| fungi | test_uploads_with_nondefault_rebase also breaking | 22:16 |
| fungi | i have a feeling we're relying on nuances of formatting from some responses, so i'll need to work through those | 22:19 |
| fungi | Passed: 109 Skipped: 1 Failed: 2 | 22:21 |
| fungi | much better | 22:21 |
| *** ralonsoh has quit IRC | 22:31 | |
| clarkb | ianw: oof ya I feel liek they dno't undersatnd that it would work if the server properly advertised the keys | 22:45 |
| *** dhellmann has quit IRC | 22:46 | |
| *** valleedelisle has quit IRC | 22:46 | |
| clarkb | ianw: can I get a second review on https://review.opendev.org/c/opendev/system-config/+/777205 to add in a bunch of new focal mergers? | 22:47 |
| clarkb | there is just enough changing with the testing and cacti and inventory etc that having another set of eyes on that would be good | 22:47 |
| ianw | lgtm, although i didn't check every address :) | 22:48 |
| clarkb | that should be ok I copied all that out of what launch node gave me and I trust it :) | 22:48 |
| *** dhellmann has joined #opendev | 22:48 | |
| *** valleedelisle has joined #opendev | 22:48 | |
| clarkb | ianw: re MINA maybe we should approach this from another angle. If ecdsa-foo becomes depreacted and clienst and servers need to negotiate ecdsa-new it will be the same situation I think | 22:51 |
| *** tkajinam has joined #opendev | 22:51 | |
| clarkb | this really isn't about rsa specifically but about the server being able to communicate which algorithms for public key auth it supports | 22:51 |
| ianw | yeah, i mean it sort of comes down to "could you please write support for server-sig-algs" | 22:53 |
| ianw | if google used the ssh bits i guess it would be fixed in about 15 minutes :) | 22:55 |
| clarkb | we're only failing here because openssh client falls back to rsa with sha1 if the first thing it tries fails | 22:56 |
| clarkb | and I think that could happen with other algorithms too | 22:56 |
| clarkb | ianw: maybe a response like "If MINA SSHD supported server-sig-algs and responded with support for rsa-sha2-256 and/or rsa-sha2-512 then fedora users would be able to authenticate with rsa keys using rsa-sha2-*. This is only failing because MINA SSHD does not respond with server-sig-algs information which forces the client to fallback to ssh-rsa which is not allowed by policy." | 22:59 |
| clarkb | and if that doesn't help oh well | 22:59 |
| clarkb | their code supports rsa, but not in a practical way for modern ssh | 23:00 |
| clarkb | which maybe is the whole point from their end, they just want to say rsa is dead and don't use it | 23:00 |
| clarkb | ianw: fwiw I do also think that fedora needs to upate their openssh-client to fallback to rsa-sha2-512 in this situation as well | 23:02 |
| clarkb | they have disabled the fallback so they may as well try something that has a chance of working | 23:02 |
| clarkb | ianw: completely unrelated I noticed that running the sshfp script will add host keys to known_hosts | 23:04 |
| clarkb | I like that as now I don't have to try and remember to do that manually | 23:04 |
| clarkb | hrm it could be that server-sig-algs is currently only useful for rsa beacuse all the other algorithms advertise themselves directly with their hash variants? | 23:10 |
| ianw | clarkb: yeah, i think the records turned out a bit less useful than i'd hoped due to the "need to flip config to trust them" | 23:12 |
| clarkb | ya I've continued to add them as I figure they may be useful to humans still | 23:13 |
| ianw | yeah, i think that most every fedora 33+ is now running with "Host * PubAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512" which iirc just ends up overriding things | 23:14 |
| ianw | well, through a convoluted set of operations ends up overriding the system crypto policy to fall back to the openssh default policy ... | 23:15 |
| clarkb | ya | 23:18 |
| openstackgerrit | Merged opendev/system-config master: Replace all the zuul mergers with new focal nodes https://review.opendev.org/c/opendev/system-config/+/777205 | 23:30 |
| openstackgerrit | Jeremy Stanley proposed opendev/git-review master: Create test projects with positional argument https://review.opendev.org/c/opendev/git-review/+/777260 | 23:31 |
| * clarkb waits patiently for the deploy jobsand reviews the git-review change | 23:34 | |
| fungi | i'll probably be dribbling these in | 23:34 |
| fungi | though the switch to test with 2.13 will be one big blob | 23:35 |
| *** roman_g has joined #opendev | 23:35 | |
| fungi | the bit ianw found which broke the devmode account credentials (which went unnoticed since tests weren't relying on it) was necessary to make 2.11 work | 23:35 |
| fungi | so we really can't switch to using admin/secret without switching to 2.13, and can't switch to 2.13 without using admin/secret | 23:36 |
| fungi | but i'm going to try to make any changes 2.13 will need which touches tests themselves in earlier commits if 2.11 will support them | 23:37 |
| fungi | and then do the addition of python 3.9 in its own separate change on top of all that | 23:38 |
| *** tkajinam has quit IRC | 23:40 | |
| *** tkajinam has joined #opendev | 23:40 | |
| *** roman_g has quit IRC | 23:45 | |
| fungi | heads up, i just got privmsg spam, odds are it's someone scraping the nicklists in channels | 23:50 |
| clarkb | I feel left out | 23:54 |
| clarkb | I've remembered the othe rthing I was looking at least week was the kna1 growroot stuff | 23:55 |
| clarkb | spot checking logstash again I don't see any obviously broken instances | 23:57 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!